I was wondering the exact same thing. Looking forward to finding out.

-------- Original Message --------
Subject: Re: "bioctl -P" is to change passphrase without wiping the encrypted partition's contents. How do you generate a new keydisk without wiping the same?
Local Time: November 20 2015 2:13 pm
UTC Time: November 20 2015 2:13 pm
From: [email protected]
To: [email protected]
CC: [email protected]

Ah, and maybe equally importantly, what are the security ramifications of changing password/keydisk vs. wiping and installing from scratch with a new password/keydisk?

Say that you would change password/keydisk today, and then next week someone gets a copy of your encrypted disk, and of your previous password/keydisk. Would they be able to extract any part of the disk information then, if not, why?

On 2015-11-20 21:58, Tinker wrote:
> "bioctl -P" is to change passphrase without wiping the encrypted
> partition's contents. How do you generate a new keydisk without wiping
> the same?
>
> I.e. I have an encrypted partition /dev/sd0a which is encrypted using
> the keydisk /dev/sd1a . Say /dev/sd1a's contents were compromised. How
> do you generate a new one without needing to wipe /dev/sd0a .
>
> I.e. exactly the same as "-P" but for the keydisk use case.
>
> (Of course the old keydisk/password is needed at replacement time.)
>
> Thanks,
> Tinker

